Method for Distributing and Authenticating Public Keys Using Random Numbers and Diffie-Hellman Public Keys

1. A method for a second machine to distribute a public cryptographic key (PK s ) to a first machine, said method comprising: receiving message data, by the second machine from the first machine as a result of the message data having been sent by the first machine to the second machine, wherein the message data consists of a concatenation of an identifier (ID) of the first machine, a character string (StrPK c ) denoting that a private key (PK c ) of the first machine has been compromised, and eSK c (Hash(ID,StrPK c )), wherein Hash(ID,StrPK c ) denotes a hashing of ID and StrPK c , and wherein eSK c (Hash(ID,StrPK c )) denotes an encryption of Hash(ID,StrPK c ) using the private key PK c to form a signature represented by the encryption; after said receiving the message data, said second machine verifying the signature using a public key associated with PK c ; after a suspension of data exchange between the first machine and the second machine after said verifying the signature, receiving a message, by the second machine from the first machine as a result of the message having been sent by the first machine to the second machine, wherein the message consists of a concatenation of ID, a first Diffie-Hellman public key (D c ), and a prime modulus (P), wherein Dc=(PW**R c ) Mod P, wherein PW is a secret password known by both the first machine and the second machine, and wherein R c is a first random number; after said receiving the message, generating, by the second machine, a second random number (R s ); after said generating R s , computing, by the second machine, a second Diffie-Hellman public key (D s ) according to D s =(PW**R s ) Mod P; after said computing D s , computing, by the second machine, a Diffie-Hellman symmetric secret key (S) according to S=(Dc**R s ) Mod P; after said computing S, providing, by the second machine, an argument (ARG s ) that consists of a concatenation of ID, D c , P, PK s , D s , and S; after said providing ARG s , hashing ARG s , by the second machine, to provide a hashed value denoted as Hash(ARG s ); after said hashing ARG s , forming, by the second machine, an extended concatenation EXT s that consists of a concatenation of ID, PK s , D s , and Hash(ARG s ); and after said forming EXT s , sending, by the second machine to the first machine, EXT s .

2. A method for a first machine to authenticate a public cryptographic key (PK s ) of a second machine, said method comprising: sending, by the first machine to the second machine, message data consisting of a concatenation of an identifier (ID) of the first machine, a character string (StrPK c ) denoting that a private key (PK c ) of the first machine has been compromised, and eSK c (Hash(ID,StrPK c )), and wherein eSK c (Hash(ID,StrPK c )) denotes an encryption of Hash(ID,StrPK c ) using the private key PK c to form a signature represented by the encryption; after said sending the message data and after a suspension of data exchange between the first machine and the second machine following verification of the signature by the second machine using a public key associated with PK c , generating, by the first machine, a first random number (R c ); after said generating R c , computing, by the first machine, a first Diffie-Hellman public key (D c ), wherein Dc=(PW**R c ) Mod P, wherein PW is a secret password known by both the first machine and the second machine, and wherein P is a prime modulus; after said computing D c , sending, by the first machine to the second machine, a message consisting of ID, D c , and P; after said sending the message, receiving an extended concatenation EXT s , by the first machine from the second machine as a result of EXT s having been sent by the second machine to the first machine, wherein EXT s consists of a concatenation of ID, PK s , a second Diffie-Hellman public key (D s ), and a first hashed value Hash(ARG s ), wherein ARG s consists of a concatenation of ID, D c , P, PK s , D s , and a first Diffie-Hellman symmetric secret key (S), wherein D s =(PW**R s ) Mod P, wherein R s is a second random number, and wherein S=(D c **R s ) Mod P; after said receiving EXT s , computing, by the first machine, a second Diffie-Hellman symmetric secret key (S′) according to S′=(D s **R c ) Mod P; after said computing S′, providing, by the first machine, an argument (ARG s ′) that consists of a concatenation of ID, D c , P, PK s , D s , and S′; after said providing ARG s ′ hashing ARG s ′, by the first machine, to provide a hashed value denoted as Hash(ARG s ′); and after said hashing ARG s ′, determining, by the first machine, that Hash(ARG s ′) is equal to Hash(ARG s ) to confirm that PK s is authentic.